001: /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
002: *
003: * Licensed under the Apache License, Version 2.0 (the "License");
004: * you may not use this file except in compliance with the License.
005: * You may obtain a copy of the License at
006: *
007: * http://www.apache.org/licenses/LICENSE-2.0
008: *
009: * Unless required by applicable law or agreed to in writing, software
010: * distributed under the License is distributed on an "AS IS" BASIS,
011: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
012: * See the License for the specific language governing permissions and
013: * limitations under the License.
014: */
015: package org.acegisecurity.acls.jdbc;
016:
017: import org.acegisecurity.Authentication;
018: import org.acegisecurity.GrantedAuthority;
019: import org.acegisecurity.GrantedAuthorityImpl;
020:
021: import org.acegisecurity.acls.AccessControlEntry;
022: import org.acegisecurity.acls.MutableAcl;
023: import org.acegisecurity.acls.NotFoundException;
024: import org.acegisecurity.acls.Permission;
025: import org.acegisecurity.acls.domain.BasePermission;
026: import org.acegisecurity.acls.objectidentity.ObjectIdentity;
027: import org.acegisecurity.acls.objectidentity.ObjectIdentityImpl;
028: import org.acegisecurity.acls.sid.PrincipalSid;
029: import org.acegisecurity.acls.sid.Sid;
030:
031: import org.acegisecurity.context.SecurityContextHolder;
032:
033: import org.acegisecurity.providers.TestingAuthenticationToken;
034:
035: import org.springframework.test.AbstractTransactionalDataSourceSpringContextTests;
036:
037: import java.util.Map;
038:
039: /**
040: * Integration tests the ACL system using an in-memory database.
041: *
042: * @author Ben Alex
043: * @version $Id:JdbcAclServiceTests.java 1754 2006-11-17 02:01:21Z benalex $
044: */
045: public class JdbcAclServiceTests extends
046: AbstractTransactionalDataSourceSpringContextTests {
047: //~ Instance fields ================================================================================================
048:
049: private JdbcMutableAclService jdbcMutableAclService;
050:
051: //~ Methods ========================================================================================================
052:
053: protected String[] getConfigLocations() {
054: return new String[] { "classpath:org/acegisecurity/acls/jdbc/applicationContext-test.xml" };
055: }
056:
057: public void setJdbcMutableAclService(
058: JdbcMutableAclService jdbcAclService) {
059: this .jdbcMutableAclService = jdbcAclService;
060: }
061:
062: public void testLifecycle() {
063: setComplete();
064:
065: Authentication auth = new TestingAuthenticationToken("ben",
066: "ignored",
067: new GrantedAuthority[] { new GrantedAuthorityImpl(
068: "ROLE_ADMINISTRATOR") });
069: auth.setAuthenticated(true);
070: SecurityContextHolder.getContext().setAuthentication(auth);
071:
072: ObjectIdentity topParentOid = new ObjectIdentityImpl(
073: "org.acegisecurity.TargetObject", new Long(100));
074: ObjectIdentity middleParentOid = new ObjectIdentityImpl(
075: "org.acegisecurity.TargetObject", new Long(101));
076: ObjectIdentity childOid = new ObjectIdentityImpl(
077: "org.acegisecurity.TargetObject", new Long(102));
078:
079: MutableAcl topParent = jdbcMutableAclService
080: .createAcl(topParentOid);
081: MutableAcl middleParent = jdbcMutableAclService
082: .createAcl(middleParentOid);
083: MutableAcl child = jdbcMutableAclService.createAcl(childOid);
084:
085: // Specify the inheritence hierarchy
086: middleParent.setParent(topParent);
087: child.setParent(middleParent);
088:
089: // Now let's add a couple of permissions
090: topParent.insertAce(null, BasePermission.READ,
091: new PrincipalSid(auth), true);
092: topParent.insertAce(null, BasePermission.WRITE,
093: new PrincipalSid(auth), false);
094: middleParent.insertAce(null, BasePermission.DELETE,
095: new PrincipalSid(auth), true);
096: child.insertAce(null, BasePermission.DELETE, new PrincipalSid(
097: auth), false);
098:
099: // Explictly save the changed ACL
100: jdbcMutableAclService.updateAcl(topParent);
101: jdbcMutableAclService.updateAcl(middleParent);
102: jdbcMutableAclService.updateAcl(child);
103:
104: // Let's check if we can read them back correctly
105: Map map = jdbcMutableAclService
106: .readAclsById(new ObjectIdentity[] { topParentOid,
107: middleParentOid, childOid });
108: assertEquals(3, map.size());
109:
110: // Replace our current objects with their retrieved versions
111: topParent = (MutableAcl) map.get(topParentOid);
112: middleParent = (MutableAcl) map.get(middleParentOid);
113: child = (MutableAcl) map.get(childOid);
114:
115: // Check the retrieved versions has IDs
116: assertNotNull(topParent.getId());
117: assertNotNull(middleParent.getId());
118: assertNotNull(child.getId());
119:
120: // Check their parents were correctly persisted
121: assertNull(topParent.getParentAcl());
122: assertEquals(topParentOid, middleParent.getParentAcl()
123: .getObjectIdentity());
124: assertEquals(middleParentOid, child.getParentAcl()
125: .getObjectIdentity());
126:
127: // Check their ACEs were correctly persisted
128: assertEquals(2, topParent.getEntries().length);
129: assertEquals(1, middleParent.getEntries().length);
130: assertEquals(1, child.getEntries().length);
131:
132: // Check the retrieved rights are correct
133: assertTrue(topParent.isGranted(
134: new Permission[] { BasePermission.READ },
135: new Sid[] { new PrincipalSid(auth) }, false));
136: assertFalse(topParent.isGranted(
137: new Permission[] { BasePermission.WRITE },
138: new Sid[] { new PrincipalSid(auth) }, false));
139: assertTrue(middleParent.isGranted(
140: new Permission[] { BasePermission.DELETE },
141: new Sid[] { new PrincipalSid(auth) }, false));
142: assertFalse(child.isGranted(
143: new Permission[] { BasePermission.DELETE },
144: new Sid[] { new PrincipalSid(auth) }, false));
145:
146: try {
147: child.isGranted(
148: new Permission[] { BasePermission.ADMINISTRATION },
149: new Sid[] { new PrincipalSid(auth) }, false);
150: fail("Should have thrown NotFoundException");
151: } catch (NotFoundException expected) {
152: assertTrue(true);
153: }
154:
155: // Now check the inherited rights (when not explicitly overridden) also look OK
156: assertTrue(child.isGranted(
157: new Permission[] { BasePermission.READ },
158: new Sid[] { new PrincipalSid(auth) }, false));
159: assertFalse(child.isGranted(
160: new Permission[] { BasePermission.WRITE },
161: new Sid[] { new PrincipalSid(auth) }, false));
162: assertFalse(child.isGranted(
163: new Permission[] { BasePermission.DELETE },
164: new Sid[] { new PrincipalSid(auth) }, false));
165:
166: // Next change the child so it doesn't inherit permissions from above
167: child.setEntriesInheriting(false);
168: jdbcMutableAclService.updateAcl(child);
169: child = (MutableAcl) jdbcMutableAclService
170: .readAclById(childOid);
171: assertFalse(child.isEntriesInheriting());
172:
173: // Check the child permissions no longer inherit
174: assertFalse(child.isGranted(
175: new Permission[] { BasePermission.DELETE },
176: new Sid[] { new PrincipalSid(auth) }, true));
177:
178: try {
179: child.isGranted(new Permission[] { BasePermission.READ },
180: new Sid[] { new PrincipalSid(auth) }, true);
181: fail("Should have thrown NotFoundException");
182: } catch (NotFoundException expected) {
183: assertTrue(true);
184: }
185:
186: try {
187: child.isGranted(new Permission[] { BasePermission.WRITE },
188: new Sid[] { new PrincipalSid(auth) }, true);
189: fail("Should have thrown NotFoundException");
190: } catch (NotFoundException expected) {
191: assertTrue(true);
192: }
193:
194: // Let's add an identical permission to the child, but it'll appear AFTER the current permission, so has no impact
195: child.insertAce(null, BasePermission.DELETE, new PrincipalSid(
196: auth), true);
197:
198: // Let's also add another permission to the child
199: child.insertAce(null, BasePermission.CREATE, new PrincipalSid(
200: auth), true);
201:
202: // Save the changed child
203: jdbcMutableAclService.updateAcl(child);
204: child = (MutableAcl) jdbcMutableAclService
205: .readAclById(childOid);
206: assertEquals(3, child.getEntries().length);
207:
208: // Output permissions
209: for (int i = 0; i < child.getEntries().length; i++) {
210: System.out.println(child.getEntries()[i]);
211: }
212:
213: // Check the permissions are as they should be
214: assertFalse(child.isGranted(
215: new Permission[] { BasePermission.DELETE },
216: new Sid[] { new PrincipalSid(auth) }, true)); // as earlier permission overrode
217: assertTrue(child.isGranted(
218: new Permission[] { BasePermission.CREATE },
219: new Sid[] { new PrincipalSid(auth) }, true));
220:
221: // Now check the first ACE (index 0) really is DELETE for our Sid and is non-granting
222: AccessControlEntry entry = child.getEntries()[0];
223: assertEquals(BasePermission.DELETE.getMask(), entry
224: .getPermission().getMask());
225: assertEquals(new PrincipalSid(auth), entry.getSid());
226: assertFalse(entry.isGranting());
227: assertNotNull(entry.getId());
228:
229: // Now delete that first ACE
230: child.deleteAce(entry.getId());
231:
232: // Save and check it worked
233: child = jdbcMutableAclService.updateAcl(child);
234: assertEquals(2, child.getEntries().length);
235: assertTrue(child.isGranted(
236: new Permission[] { BasePermission.DELETE },
237: new Sid[] { new PrincipalSid(auth) }, false));
238:
239: SecurityContextHolder.clearContext();
240: }
241:
242: /* public void testCumulativePermissions() {
243: setComplete();
244: Authentication auth = new TestingAuthenticationToken("ben", "ignored", new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ADMINISTRATOR")});
245: auth.setAuthenticated(true);
246: SecurityContextHolder.getContext().setAuthentication(auth);
247:
248: ObjectIdentity topParentOid = new ObjectIdentityImpl("org.acegisecurity.TargetObject", new Long(110));
249: MutableAcl topParent = jdbcMutableAclService.createAcl(topParentOid);
250:
251: // Add an ACE permission entry
252: CumulativePermission cm = new CumulativePermission().set(BasePermission.READ).set(BasePermission.ADMINISTRATION);
253: assertEquals(17, cm.getMask());
254: topParent.insertAce(null, cm, new PrincipalSid(auth), true);
255: assertEquals(1, topParent.getEntries().length);
256:
257: // Explictly save the changed ACL
258: topParent = jdbcMutableAclService.updateAcl(topParent);
259:
260: // Check the mask was retrieved correctly
261: assertEquals(17, topParent.getEntries()[0].getPermission().getMask());
262: assertTrue(topParent.isGranted(new Permission[] {cm}, new Sid[] {new PrincipalSid(auth)}, true));
263:
264: SecurityContextHolder.clearContext();
265: }
266: */
267: }
|